JVN#06870202: EC-CUBE information disclosure vulnerability

2013-11-20T00:00:00
ID JVN:06870202
Type jvn
Reporter Japan Vulnerability Notes
Modified 2013-11-20T00:00:00

Description

## Description

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability.

## Impact

When the server receives a specially crafted request, the absolute path of the product on the server may be obtained.

## Solution

Apply the update or the patch
Apply the update or the patch according to the information provided by the developer.

## Products Affected

  • EC-CUBE 2.11.2
  • EC-CUBE 2.11.3
  • EC-CUBE 2.11.4
  • EC-CUBE 2.11.5
  • EC-CUBE 2.12.0
  • EC-CUBE 2.12.1
  • EC-CUBE 2.12.2
  • EC-CUBE 2.12.3
  • EC-CUBE 2.12.3en
  • EC-CUBE 2.12.3enP1
  • EC-CUBE 2.12.3enP2
  • EC-CUBE 2.12.4
  • EC-CUBE 2.12.4en
  • EC-CUBE 2.12.5
  • EC-CUBE 2.12.5en
  • EC-CUBE 2.12.6
  • EC-CUBE 2.12.6en
  • EC-CUBE 2.13.0